Alerting

Custom Alert Action Arguments

sochsenbein
Communicator

I wrote a Python 3.7.3 script to interact with our paging system's web api. It takes three parameters from the alert's html UI: To, From, and Message. Inspecting the Job for the alert, I can see that the correct values are assigned to these parameters, however, we never receive a page. I believe that perhaps I am not reading them into the script correctly using sys.stdin.read() and parsing out the values. Any guidance would be appreciated.

Script: (constants declarations not included)

if __name__ == "__main__":
    try:
        # Get Arguments
        payload = json.loads(sys.stdin.read())
        payload = payload['configuration']
        _to = payload['to']
        _from = payload['from']
        _message = payload['message']

        # Start a request session
        session = requests.Session()

        # Get Access Token
        auth = '%s:%s' % (CONSUMER_KEY, CONSUMER_SECRET)
        encodedCred = str(base64.b64encode(bytes(auth, 'ascii')))[2:-1]

        header = {'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': 'Bearer ' + encodedCred}
        body = "grant_type=client_credentials"
        request = requests.Request('POST', TOKEN_URL, data=body, headers=header)
        prepped = request.prepare()
        response = session.send(prepped, verify=False)

        if response.status_code != 200:
            sys.exit(1)

        prettyJSON = json.loads(response.text)
        token = prettyJSON['access_token']

        # Send Page
        query_parameters = {'To': _to,
                            'From': _from,
                            'Message': _message
                            }
        header = {"Authorization": "Bearer  %s" % token, "Accept": "application/json"}
        request = requests.Request('POST', PAGE_URL, data=query_parameters, headers=header)
        prepped = request.prepare()
        response = session.send(prepped, verify=False)

        if response.status_code != 200:
            sys.exit(1)

    except Exception as ex:
        sys.exit(1)

alert_actions.conf:

[ui]
is_visible = 1
label = Send a Page

[launcher]
author = sochsenbein
description = Send a page using the web api
version = 1.0

[install]
state = enabled
is_configured = 1

HTML:

<form class="form-horizontal form-complex">

    <div class="control-group">
        <label class="control-label" for="send_a_page_from">From </label>
        <div class="controls">
            <textarea name="action.send_a_page.param.from" id="send_a_page_from" placeholder="// your username here"></textarea>
        </div>
    </div>

    <div class="control-group">
        <label class="control-label" for="send_a_page_to">To </label>
        <div class="controls">
            <textarea name="action.send_a_page.param.to" id="send_a_page_to" placeholder="// comma separate usernames"></textarea>
        </div>
    </div>

    <div class="control-group">
        <label class="control-label" for="send_a_page_message">Message </label>
        <div class="controls">
            <textarea name="action.send_a_page.param.message" id="send_a_page_message" placeholder="// remember to keep the message short..."></textarea>
        </div>
    </div>

</form>

Documentation/References:
https://docs.splunk.com/Documentation/Splunk/7.2.6/AdvancedDev/CustomAlertConvertScripted
https://docs.splunk.com/Documentation/Splunk/7.2.6/AdvancedDev/ModAlertsCreate
https://answers.splunk.com/answers/442603/how-do-i-get-the-8-standard-alert-action-script-pa-1.html

0 Karma
1 Solution

sochsenbein
Communicator

I found that Splunk has its own symlink that points to Python 2.7, so after changing the code to work with Python 2.7, the scripts works fine.

View solution in original post

0 Karma

sochsenbein
Communicator

I found that Splunk has its own symlink that points to Python 2.7, so after changing the code to work with Python 2.7, the scripts works fine.

0 Karma

jnudell_2
Builder

Hi,
I just worked on a script that takes arguments. Here are the bits you need I believe:

payload = json.loads(sys.stdin.read())
config = payload['configuration']
_to = config.get('to')
_from = config.get('from')
_message = config.get('message')

Make sure you're importing the right Splunk libraries as well (not sure you need all these)
import sys, os
import splunk
import json
from urllib import urlencode
import urllib2

0 Karma

sochsenbein
Communicator

@jnudell_2 the script works when ran from the command line. The imports I use are sys, requests, json, and base64 (Python 3.7.3). I compared that to another script we have that does work and it's only using sys, json, and urllib2. I am using those functions you listed, as well, minus the "get", I believe that's just Python 2. In 3 you can do var[key]. Do you know if Splunk logs errors for failed scripts? I looked through splunkd_stderr.log and splunkd_stdout.log but nothing referencing the script.

0 Karma
Get Updates on the Splunk Community!

Splunk Classroom Chronicles: Training Tales and Testimonials

Welcome to the "Splunk Classroom Chronicles" series, created to help curious, career-minded learners get ...

Access Tokens Page - New & Improved

Splunk Observability Cloud recently launched an improved design for the access tokens page for better ...

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

&#x1f342; Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...